← Back to team overview

openstack team mailing list archive

Re: Ceilometer-api Auth Error

 

Hello, claudio

I don't think you get the real token, because you did't specify the
tenantName or tenantID in curl command, even if you used admin and
admin_pass. Please read this document
http://docs.openstack.org/api/quick-start/content/ for details.


2013/6/6 claudio marques <mrqss_cld@xxxxxxxxxxx>

> Hi Doug
>
> I send authentications from the admin user. In order for me to explain you
> better the issue i will paste here the phases that i am trying to do:
>
> I use curl and send the admin user/password and ask for a token:
>
> curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password":
> "admin_pass"}}}' -H "Content-type: application/json"
> http://localhost:35357/v2.0/tokens
>
> It returns this
>
> {"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501",
> "expires": "2013-06-07T14:11:26Z", "id":
> "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="},
> "serviceCatalog": [], "user": {"username": "admin", "roles_links": [],
> "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"},
> "metadata": {"is_admin": 0, "roles": []}}}
>
> Then, i use curl again with the token that i just received with the
> following command
>
>
> curl -k -D -H "X-Auth-Token:
> MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="
> -X 'GET' -v http://localhost:8777/v2/meters
>
> The return value is this
>
> ** getaddrinfo(3) failed for X-Auth-Token:80*
> ** Couldn't resolve host 'X-Auth-Token'*
> ** Closing connection 0*
> *curl: (6) Couldn't resolve host 'X-Auth-Token'*
> ** About to connect() to localhost port 8777 (#1)*
> **   Trying 127.0.0.1...*
> ** Connected to localhost (127.0.0.1) port 8777 (#1)*
> *> GET /v2/meters HTTP/1.1*
> *> User-Agent: curl/7.29.0*
> *> Host: localhost:8777*
> *> Accept: */**
> *>*
> ** HTTP 1.0, assume close after body*
> *< HTTP/1.0 401 Unauthorized*
> *< Date: Thu, 06 Jun 2013 14:14:06 GMT*
> *< Server: WSGIServer/0.1 Python/2.7.4*
> *< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'*
> *< Content-Length: 381*
> *< Content-Type: text/html; charset=UTF-8*
> *<*
> *<html>*
> * <head>*
> *  <title>401 Unauthorized</title>*
> * </head>*
> * <body>*
> *  <h1>401 Unauthorized</h1>*
> *  This server could not verify that you are authorized to access the
> document you requested. Either you supplied the wrong credentials (e.g.,
> bad password), or your browser does not understand how to supply the
> credentials required.<br /><br />*
> *Authentication required*
> *
> *
> *
> *
> * </body>*
> ** Closing connection 1*
>
> No data is returned in any case.
>
> I manually installed 3 node openStack and ceilometer , so i am not using
> devStack.
>
> Even when i try to send manually credentials of the admin user:
>
> *ceilometer --os-username admin --os-password password --os-tenant-name
> admin --os-auth-url http://localhost:5000/v2.0 resource-list*
>
> the result is this:
>
> *No handlers could be found for logger "ceilometerclient.common.http"*
> *Invalid OpenStack Identity credentials.*
>
> Is there any possibility that keystone is not validating all the Tokens?
>
>
> Claudio Marques
>
>
> ------------------------------
> Date: Thu, 6 Jun 2013 09:42:38 -0400
> From: doug.hellmann@xxxxxxxxxxxxx
> To: claudio@xxxxxxxxxxxx
> CC: openstack@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openstack] Ceilometer-api Auth Error
>
>
>
>
>
> On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques <claudio@xxxxxxxxxxxx>wrote:
>
> Hi Stackers
>
>
> Hi have a problem with ceilometer-api. I want access it via curl or http
> and every time i try to do it i simple get the same errors.
>
> This server could not verify that you are authorized to access the
> document you requested. Either you supplied the wrong credentials (e.g.,
> bad password), or your browser does not understand how to supply the
> credentials required.
>
> My ceilometer.conf file is like this:
>
> [DEFAULT]
> os_username=admin
> os_password=admin_pass
> os_tenant_name=admin
> os_auth_url=http://10.0.1.167:5000/v2.0/
> signing_dirname = /tmp/keystone-signing-ceilometer
> metering_api_port=8777
> auth_strategy=keystone
>  nova_control_exchange=nova
> hypervisor_inspector=libvirt
> libvirt_type=qemu
> glance_control_exchange=glance
> quantum_control_exchange=quantum
> debug=true
> verbose=true
>
> log_dir=/var/log/ceilometer
> rpc_backend=ceilometer.openstack.common.rpc.impl_kombu
> rabbit_host=localhost
> rabbit_port=5672
> rabbit_userid=guest
> rabbit_password=guest
> rabbit_retry_backoff=2
> rabbit_max_retries=0
> rabbit_use_ssl=False
>
> database_connection=mongodb://10.0.1.25:27017/ceilometer
> sql_connection_debug=0
> cinder_control_exchange=cinder
> enable_v1_api=true
>
> [keystone_authtoken]
>
> auth_host = localhost
> auth_port = 5000
> admin_user = admin
> admin_password = admin_pass
> admin_tenant_name = admin
> auth_uri = http://10.0.1.167:5000/v2.0/
>
>  What auth chould i pass in order to get metrics form ceilometer?
>
>
> The ceilometer API uses keystone authentication, just like the other
> OpenStack services. If you pass credentials for a regular user, you can see
> data about the tenant/project you're authenticating with. If you pass
> credentials for an admin user, you can see all data.
>
> Doug
>
>
>
> Thank's for any reply
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________ Mailing list:
> https://launchpad.net/~openstack Post to : openstack@lists.launchpad.netUnsubscribe :
> https://launchpad.net/~openstack More help :
> https://help.launchpad.net/ListHelp
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

References